[
https://issues.apache.org/jira/browse/DISPATCH-8?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15491244#comment-15491244
]
Ted Ross commented on DISPATCH-8:
---------------------------------
The user_id is in the Properties, which is part of the bare message (the
immutable part of the message). Injection is not an option.
I would modify the conditions as follows:
First, we need to add a policy flag called something like "allow user_id proxy"
that controls this process. If the flag is True, no checks are performed on
the user_id.
If the flag is False (default), then:
IF (message.properties.user_id is present and not blank) AND
(message.properties.user_id is not equal to the connection's authenticated
identity OR the connection is not authenticated) THEN Reject the delivery with
an appropriate error message.
This algorithm ensures that all messages that cross the network that have
user_ids have authenticated user_ids or user_ids supplied by specifically
trusted proxies.
> Message:user-id must be authenticated on ingress
> ------------------------------------------------
>
> Key: DISPATCH-8
> URL: https://issues.apache.org/jira/browse/DISPATCH-8
> Project: Qpid Dispatch
> Issue Type: Bug
> Affects Versions: 0.1
> Reporter: Ted Ross
> Assignee: Chuck Rolke
> Priority: Critical
> Fix For: 0.7.0
>
>
> When a message is received on an ingress link (i.e. from an originating
> endpoint) and the message has a user-id field in its properties, that user-id
> must be authenticated.
> At first, this means that the user-id must be the same as that which was used
> to authenticate the connection.
> There may be other means of authenticating user-ids in the future, but
> Dispatch must not simply pass them on unchecked.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
